Filter hook 'rest_allowed_cors_headers'

in WP Core File wp-includes/rest-api/class-wp-rest-server.php at line 432

Description

Filters the list of request headers that are allowed for REST API CORS requests. The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints. As well as the Authorization and Nonce headers for allowing authentication.

Occurrences

Filename Line Number
wp-includes/rest-api/class-wp-rest-server.php 432

Parameters

Type Name Description
string[] $allow_headers The list of request headers to allow.
WP_REST_Request $request The request in context.

PHP Doc

/**
		 * Filters the list of request headers that are allowed for REST API CORS requests.
		 *
		 * The allowed headers are passed to the browser to specify which
		 * headers can be passed to the REST API. By default, we allow the
		 * Content-* headers needed to upload files to the media endpoints.
		 * As well as the Authorization and Nonce headers for allowing authentication.
		 *
		 * @since 5.5.0
		 * @since 6.3.0 The `$request` parameter was added.
		 *
		 * @param string[]        $allow_headers The list of request headers to allow.
		 * @param WP_REST_Request $request       The request in context.
		 */